]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd34307)
Normalization and more error checking.
authorJulio Sánchez Fernández <jsanchez@openldap.org>
Tue, 23 Oct 2001 09:05:04 +0000 (09:05 +0000)
committerJulio Sánchez Fernández <jsanchez@openldap.org>
Tue, 23 Oct 2001 09:05:04 +0000 (09:05 +0000)
servers/slapd/schema_init.c patch | blob | history

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 7de9a7889512b1ad456a1e5c9b2b84f4155bad8f..4b6b52335a43da1e49665195256297cb574175a5 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -3556,7 +3556,26 @@ certificateExactConvert(
        }
 
        serial = asn1_integer2str(xcert->cert_info->serialNumber);
+       if ( !serial ) {
+               X509_free(xcert);
+               return LDAP_INVALID_SYNTAX;
+       }
        issuer_dn = dn_openssl2ldap(X509_get_issuer_name(xcert));
+       if ( !issuer_dn ) {
+               X509_free(xcert);
+               ber_bvfree(serial);
+               return LDAP_INVALID_SYNTAX;
+       }
+       /* Actually, dn_openssl2ldap returns in a normalized format, but
+          it is different from our normalized format */
+       bv_tmp = issuer_dn;
+       if ( dnNormalize(NULL, bv_tmp, &issuer_dn) != LDAP_SUCCESS ) {
+               X509_free(xcert);
+               ber_bvfree(serial);
+               ber_bvfree(bv_tmp);
+               return LDAP_INVALID_SYNTAX;
+       }
+       ber_bvfree(bv_tmp);
 
        X509_free(xcert);
 
@@ -3630,7 +3649,7 @@ serial_and_issuer_parse(
        q = ch_malloc( (end-begin+1)+1 );
        AC_MEMCPY( q, begin, end-begin+1 );
        q[end-begin+1] = '\0';
-       *issuer_dn = ber_bvstr(q);
+       *issuer_dn = ber_bvstr(dn_normalize(q));
 
        return LDAP_SUCCESS;
 }
Cloned from git://git.openldap.org/openldap.git